Preserving non-central and privacy with a "permission recording keyserver"

Andrew Gallagher andrewg at
Wed Jul 10 14:06:42 CEST 2019

On 10/07/2019 12:51, Bernhard Reiter wrote:
> Am Mittwoch 10 Juli 2019 11:01:09 schrieb Andrew Gallagher:
>> A validating, non-synchronising keyserver can perform this function in
>> the same way that any other website can, by simply deleting the data on
>> (reasonable) request.
> Yes, but I want to build a synchronising keyserver network. ;)

Then it can't be a validating network, because there's no way to
cryptographically validate a reasonable request, not without trusting
root authorities to sign legal documents.

> This is why the keyserver receiving the explicit non-permission must put this 
> in their list and share it with others, so the pubkey does not get 
> distributed by any (reasonable) keyserver anymore.

There are two ways for the key subject to deny permission - either
cryptographically, which only works if they are in possession of the
private key; or non-cryptographically, which only works if there is a
single source of (legally compelled?) truth.

That's why I proposed separating the keyserver network into validating
keyservers (hagrid, which validate non-cryptographic key
content but don't synchronise with each other, and caching keyservers
which sync but refer to the validating keyservers as a source of
non-cryptographic content.

Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-devel mailing list